Compromised Systems events that can be demonstrated to have originated from sandbox testing environments can be suppressed, regardless of their location within the network.
As a best practice, we strongly recommend conducting malware testing within a separate network whenever possible, or setting up a self-published rating.
Event Suppression Request Process
To request suppression of Compromised Systems events that originated from testing environments, please provide sufficient evidence to Bitsight Support.
Required Evidence
Submit any of the following types of evidence (screenshots are accepted):
- Emails from sandbox testing software, or screenshots of such emails.
- Screenshots of the sandbox testing software.
- Logs from the sandbox testing software.
The evidence MUST include the following information:
- The malware family or identified threat.
- The target domain or target IP address.
- A timestamp that correlates with the finding under appeal.
Additional Information
We strongly encourage providing the following types of evidence:
- Binaries of the malware. These can be encrypted and forwarded or uploaded to malware detection tools, such as VirusTotal.
- Hashes of the malware binaries.
- All relevant logs.
Publication Date – August 21, 2020